添加链接 注册    登录
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
相关文章推荐
狂野的马克杯  ·  Empower the ...·  2 月前    · 
狂野的毛豆  ·  逝去的武林宗师之后,再无宗师?_文化频道_凤凰网·  2 月前    · 
酷酷的红金鱼  ·  科普知识 - ...·  3 月前    · 
冷冷的春卷  ·  [口袋妖怪心金魂银]重要道具集合帖·  4 月前    · 
鬼畜的饼干  ·  .NET Core ...·  4 月前    · 
link管理  ›  Ad Group synchronization error - Forum - Identity Manager Community - One Identity Community
https://www.oneidentity.com/community/identity-manager/f/forum/29904/ad-group-synchronization-error
坚强的打火机
2 周前
  • Starling Identity Analytics & Risk Intelligence
  • Starling Two-Factor Authentication
  • TPAM Appliance
  • Contact Support
  • Overview
  • Customer Service
  • Licensing Assistance
  • Renewal Assistance
  • Technical Support
  • Download Software
  • Knowledge Base
  • My Account
  • My Products
  • My Service Requests
  • My Licenses
  • My Groups
  • My Profile
  • Policies & Procedures
  • Professional Services
  • Technical Documentation
  • One Identity University
  • User Forums
  • Video Tutorials
  • Partners
  • Overview
  • Partner Circle Log In
  • Become a Partner
  • Find a Partner
  • Partner Community
  • Communities
  • Blogs
  • Blogs A to Z
  • One Identity Community
  • AD Account Lifecycle Management
  • Cloud
  • Identity Governance & Administration
  • Privileged Access Management
  • syslog-ng Community
  • Forums
  • All Product Forums
  • Active Roles
  • Identity Manager
  • Password Manager
  • Safeguard
  • Unix Access Management
  • Social Networks
  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

    • Hi all

    I have to run a synchronization involving AD Groups and AccProduct table. In details, once a given group is read from AD, I need to find a Product in the AccProduct Table with Ident_AccProduct equals to SamAccountName of the group.

    This procedure is pretty simple and it works fine against hundreds of groups except when in the following case: the Group’s SamAccountName is something like xxxxxx$MISERVER$xxxx.

    The query I implemented to get the AccProduct is as following:

    Dim AccProdObjectResult = SystemObject.Connection.QueryObject(SystemQuery _
    .From("AccProduct") _
    .Select("CustomProperty01","UID_AccProduct") _
    .Filter("Ident_AccProduct = '" & cstr(AccProd) & "'" )
    ).Result

    where AccProd is equal to xxxxxx$MISERVER$xxxx.

    the exception message is " Error loading system objects of class AccProduct (all) (AccProduct_Master)."

    I’m afraid this error is related to the $----$ chars into the SamAccountName

    I've also tried something like

    Dim AccProdObjectResult = SystemObject.Connection.QueryObject(SystemQuery _
    .From("AccProduct") _
    .Select("CustomProperty01","UID_AccProduct") _
    .Filter("Ident_AccProduct = '" & cstr(AccProd) & "'" )
    ).Result

    and like

    Dim AccProdObjectResult = SystemObject.Connection.QueryObject( SystemQuery _     .From("AccProduct") _     .Select("CustomProperty01","UID_AccProduct") _     .Filter(String.Format("Ident_AccProduct = '{0}'",cstr(AccProd) ))     ).Result

    but nothing changes.

    Please can someone advices me about how to solve this issue?

    Did you try to take a look at the debug log, when running the sync in the Synchronization Editor? Can you find the resulting query for your object $---$?

    What version are you using?

    thanks for your reply.

    The current version is 8.0

    Unfortunately, the only log I can get is as following.

    I think the most relevant line is “[1777260] Unknown variable (MISERVER)!”. And MiServer appears only once, in the SamAccountName of the role xxxxxxxxxxxxxxxxxxxxx$MISERVER$yyyyyyy.

    I’m SURE, from my logs, that the problem happens in the very moment the query is executed, as I’m sure the variable AccProd contains the right string xxxxxxxxxxxxxxxxxxxxx$MISERVER$yyyyyyy, as I printed it everywhere in my logs.

    Anyway, here the interesting part of the logs:

    [2134003] Error executing synchronization.

    [1777018] Error executing synchronization project (Active Directory Domain (DC=PROD,DC=LABxxxxxxxxxxx,DC=YY))'s workflow (Initial Synchronization).

    [1777124] Error executing projection step (group) of projection configuration (Initial Synchronization (Initial Synchronization)).

    [1777219] Error executing synchronization step (group)!

    [1777239] The mapping rule (vrt_matchpattern <-> SAM-Account-Name) was unable to execute synchronization between system objects (xxxxxxxxxxxxxxxxxxxxx$MISERVER$yyyyyyy) and (CN=xxxxxxxxxxxxxxxxxxxxx$MISERVER$yyyyyyy,OU=Groups,DC=prod,DC=labxxxxxxxxxxx,DC=ch) successfully!

    [1777161] Property (vrt_matchpattern@ADSGroup) could not set the value (xxxxxxxxxxxxxxxxxxxxx$MISERVER$yyyyyyy) from system object (xxxxxxxxxxxxxxxxxxxxx$MISERVER$yyyyyyy)!

    [1777207] Error executing 'Set' script for (vrt_matchpattern@ADSGroup)!

    [System.Reflection.TargetInvocationException] Exception has been thrown by the target of an invocation.

    [1777009] Error loading system objects of class AccProduct (all) (AccProduct_Master).

    [1777260] Unknown variable (MISERVER)!                        <*******************************************************************************************************************

    at StdioProcessor.StdioProcessor._Execute(Job job)

    at VI.Projector.JobComponent.ProjectorComponent.Activate(String task)

    at VI.Projector.JobComponent.ProjectorComponent._FullProjection()

    ---- Start of Inner Exception ----

    at VI.Projector.JobComponent.ProjectorComponent._FullProjection()

    at VI.Projector.Database.ProjectorExecutor.Project(ISession session, IProjectionConfiguration configuration, ProjectionOption options, ISystemObject adHocObject, CancellationToken cancellationToken)

    at VI.Projector.Projection.Extensions.Execute(IProjectorEngine engine, IProjectionConfiguration configuration, ProjectionOption options, ISystemObject adHocObject, CancellationToken cancellationToken)

    at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)

    ---- Start of Inner Exception ----

    at VI.Projector.Projection.ProjectorEngine.<ExecuteAsync>d__3.MoveNext()

    ---- Start of Inner Exception ----

    at VI.Projector.Projection.ProjectorEngine.<ExecuteAsync>d__3.MoveNext()

    ---- Start of Inner Exception ----

    at VI.Projector.Projection.ProjectorEngine.<ExecuteAsync>d__3.MoveNext()

    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

    --- End of stack trace from previous location where exception was thrown ---

    at VI.Projector.Projection.ProjectionStrategy.<ExecuteStepAsync>d__2.MoveNext()

    ---- Start of Inner Exception ----

    at VI.Projector.Projection.ProjectionStrategy.<ExecuteStepAsync>d__2.MoveNext()

    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

    --- End of stack trace from previous location where exception was thrown ---

    at VI.Projector.Projection.ProjectionStrategyBase.<OnExecuteStepAsync>d__2.MoveNext()

    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

    --- End of stack trace from previous location where exception was thrown ---

    at VI.Projector.Projection.ProjectionStrategyBase.<_ProcessIntersectionSetAsync>d__17.MoveNext()

    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()

    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

    --- End of stack trace from previous location where exception was thrown ---

    at VI.Projector.Projection.ProjectionStrategyBase.<_ProcessMappingOfSystemObjectPairsAsync>d__21.MoveNext()

    at VI.Projector.Mapping.Extensions.MapObjects(ISystemMap map, IEnumerable`1 pairs, SystemMappingOptions options)

    at System.Threading.Tasks.Parallel.ForEach[TSource](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body)

    at System.Threading.Tasks.Parallel.ForEachWorker[TSource,TLocal](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Action`3 bodyWithStateAndIndex, Func`4 bodyWithStateAndLocal, Func`5 bodyWithEverything, Func`1 localInit, Action`1 localFinally)

    at System.Threading.Tasks.Parallel.ForWorker[TLocal](Int32 fromInclusive, Int32 toExclusive, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Func`4 bodyWithLocal, Func`1 localInit, Action`1 localFinally)

    at System.Threading.Tasks.Task.Wait()

    at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)

    ---- Start of Inner Exception ----

    at System.Threading.Tasks.Task.<>c__DisplayClass11.<ExecuteSelfReplicating>b__10(Object param0)

    at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)

    at System.Threading.Tasks.Parallel.<>c__DisplayClassf`1.<ForWorker>b__c()

    at VI.Projector.Mapping.Extensions.<>c__DisplayClass6_0.<MapObjects>b__0(SystemObjectMatchingPair pair)

    at VI.Projector.Mapping.SystemMappingRule.ApplyMapping(ISystemObject leftObject, ISystemObject rightObject, SystemMappingOptions options)

    ---- Start of Inner Exception ----

    at VI.Projector.Mapping.SystemMappingRule.ApplyMapping(ISystemObject leftObject, ISystemObject rightObject, SystemMappingOptions options)

    at VI.Projector.Mapping.Rules.SinglePropertyComparisonRule.OnApplyMapping(ISystemObject leftObject, ISystemObject rightObject, SystemMappingOptions options)

    at VI.Projector.Mapping.Rules.SinglePropertyComparisonRule._SetValue(ISystemObject systemObject, ISchemaProperty targetProperty, Object value, Boolean handleAsSingleValue, Boolean isSecretValue, Boolean projectExamples, Boolean reportDataChanges, Func`1 getTargetValue)

    at VI.Projector.Schema.SchemaProperty.SetValue(ISystemObject systemObject, Object value, SchemaPropertySetValueOption option)

    ---- Start of Inner Exception ----

    at VI.Projector.Schema.SchemaProperty.SetValue(ISystemObject systemObject, Object value, SchemaPropertySetValueOption option)

    at VI.Projector.Schema.Properties.ScriptedSchemaProperty.OnSetValue(ISystemObject systemObject, Object outerValue, SchemaPropertySetValueOption option)

    ---- Start of Inner Exception ----

    at VI.Projector.Schema.Properties.ScriptedSchemaProperty.OnSetValue(ISystemObject systemObject, Object outerValue, SchemaPropertySetValueOption option)

    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

    at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)

    at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)

    ---- Start of Inner Exception ----

    at VI.Projector.Scripting.ProjectorScripts.Setvrt_matchpatternd0706677_f7ec_47ba_a774_a6c810cacf7b(ISchemaProperty& schemaProperty, String& value, SchemaPropertySetValueOption& options)

    at VI.Projector.Connection.SystemConnection.QueryObjectInternal(ISchemaClass schemaClass, QueryByFilterOptions query, Boolean withScope)

    ---- Start of Inner Exception ----

    at VI.Projector.Connection.SystemConnection.QueryObjectInternal(ISchemaClass schemaClass, QueryByFilterOptions query, Boolean withScope)

    at VI.Projector.Filter.SystemObjectFilterJoin.Finalize(ISystemVariableSet variables)

    at VI.Projector.Filter.SystemObjectNativeSystemFilter.OnFinalize(ISystemVariableSet variables)

    at System.Text.RegularExpressions.Regex.Replace(String input, MatchEvaluator evaluator)

    at System.Text.RegularExpressions.RegexReplacement.Replace(MatchEvaluator evaluator, Regex regex, String input, Int32 count, Int32 startat)

    at VI.Projector.Internal.ValueReplacer._FindVarForMatch(Match match)

    Please, I beg some advices...

    Thanks in advance,

    Alberto

    The problem seems quite clear to me:

    1777260] Unknown variable (MISERVER)!

    The connector is looking for a declared/defined variable in the sync project called MISERVER.  The notation for referencing a variable is $<var>$ ..... and that is exactly the notation you have in the string value of the incoming samAccountName.

    This "looks like" a bug to me in that I think the connector should take the literal string value of the attribute from the target system ...... it "looks like" it is putting it through some internal variable replacement routine.

    I would suggest to open a case with support to verify if it really is a bug and they will assist you towards a resolution should that be the case.

    HTH, Barry.

    Thnaks Barry.

    this is also my conclusion.

    I hope there is a workaround to execute that query without involving the connector.

    Alberto

    Markus,
    I need to execute some more tasks inside the script. In this case I cannot rely on a KRP. I'm afraid I need to adapt to the solution I found on server.

    Alberto

    Hi Markus

    That’s interesting solution but I’m afraid I cannot rely on it neither.

    Unfortunately, the relation between the SamAccountName and the Ident_AccProduct is something like

    SamAccountName = xxx_Indet_AccProduct_yyy

    I think I cannot instruct the KRP to match that pattern. If I’m wrong, please advice.

    Is there a way to execute e “plain SQL query”, it this way excluding the connector? I mean, can I write something like Something.SomethingElse.ExecuteQuery(“select UID_AccProduct from … where… ”) ?

    Alberto

    Markus
    let's say the samaccountname I need to match is xxxxx$MiServer$yyyy and the ident_AccProduct stored on the db  is cccc_xxxxx$MiServer$yyyy_dddd, where cccc and dddd are constant strings.
    In the code I submitted, the value cccc_xxxxx$MiServer$yyyy_dddd is stored in the variable AccProd and it is correctly formatted.
    I know I cannot write plain SQL… I meant if there is a way to pass "hand written - old fashion query" to the connector or to some other objects, in order to prevent the connector (or any other object) from writing or modifying the query itself.
    Alberto
     
    推荐文章
    狂野的马克杯  ·  Empower the innovators - HBK
    2 月前
    狂野的毛豆  ·  逝去的武林宗师之后,再无宗师?_文化频道_凤凰网
    2 月前
    酷酷的红金鱼  ·  科普知识 - “阅读疗法”真能治病吗?-北京大学第六医院
    3 月前
    冷冷的春卷  ·  [口袋妖怪心金魂银]重要道具集合帖
    4 月前
    鬼畜的饼干  ·  .NET Core WebApi中实现多态数据绑定 - LamondLu - 博客园
    4 月前
    Link管理   ·   51好读   ·   Sov5搜索   ·   小百科
    link管理 - 链接快照平台